Latest news of the domain name industry

Recent Posts

Nominet to charge brands for no-name Whois access

Kevin Murphy, April 23, 2018, Domain Registries

Nominet has become the second major registry to announce that trademark lawyers will have to pay for Whois after the EU General Data Protection Regulation comes into effect next month.

The company said late last week that it will offer the intellectual property community two tiers of Whois access.

First, they can pay for a searchable Whois with a much more limited output.

Nominet said that “users of the existing Searchable WHOIS who are not law enforcement will continue to have access to the service on a charged-for basis however the registrant name and address will be redacted”.

Second, they can request the full Whois record (including historical data) for a specific domain and get a response within one business day for no charge.

Approved law enforcement agencies will continue to get unfettered access to both services — with “enhanced output” for the searchable Whois — for no charge, Nominet said.

These changes were decided upon following a month-long consultation which accepted comments from interested parties.

Other significant changes incoming include:

  • Scrapping UK-presence requirements for second-level registrations.
  • Doing away with the current privacy services framework, offloading GDPR liability to registrars providing such services.
  • Creating a standard opt-in mechanism for registrants who wish for their personal data to be disclosed in public Whois.

Nominet is the second registry I’m aware of to say it will charge brand owners for Whois access, after CoCCA 10 days ago.

CoCCA has since stated that it will sell IP owners a PDF containing the entire unredacted Whois history of a domain for $3, if they declare that they have a legitimate interest in the domain.

It also said they will be able to buy zone file access to the dozens of TLDs running on the CoCCA platform for $88 per TLD.

Famous Four following .sucks playbook with premium pricing for brands?

New gTLD registry Famous Four Media has slapped general availability prices of $500 and up on domain names matching famous brands.

The company plans to shortly introduce eight “premium” pricing tiers, ranging from $200 a year to $10,000 a year.

The first to launch, on July 8, will be its “brand protection tier”, which will carry a $498 registry fee.

Famous Four told its registrars that the tier “will provide an additional deterrent to cyber-squatters for well-known brands ensuring that domain names in this tier will not be eligible for price promotions”.

The gTLDs .date, .faith and .review will be first to use the tiered pricing structure.

It’s not entirely clear what brands will be a part of the $498 tier, or how the registry has compiled its list, but registrars have been given the ability to ask for their clients’ trademarks to be included.

I asked Famous Four for clarification a few days ago but have not yet had a response.

While other registries, such as Donuts, used tiered pricing for GA domains, I’m only aware of one other that puts premium prices on brands: .sucks.

Vox Populi has a trademark-heavy list of .sucks domains it calls Market Premium — formerly Sunrise Premium — that carry a $1,999-a-year registry fee.

Unlike Vox Pop, Famous Four does not appear to be planning a subsidy that would make brand-match domains available at much cheaper prices to third parties.

Famous Four’s gTLDs have seen huge growth in the last month or two, largely because it’s been selling domains at a loss.

.science, for example, has over 300,000 registrations — making it the third-largest new gTLD — because Famous Four’s registry fee has been discounted to just $0.25 from May to July.

The same discount applies to .party (over 195,000 names in its zone) and .webcam (over 60,000).

Those three gTLDs account for exactly half of the over 22,000 spam attacks that used new gTLD domains in March and April, according to Architelos’ latest abuse report.

With names available at such cheap prices, it would not be surprising if cybersquatters are abusing these gTLDs as much as the spammers.

Will intellectual property owners believe a $498+ reg fee is a useful deterrent to cybersquatting?

Or will they look upon this move as “predatory”, as they did with .sucks?

Only 2% of phishing attacks use cybersquatted domain names

Kevin Murphy, October 25, 2012, Domain Registries

The number of cybersquatted domain names being used for phishing is falling sharply and currently stands at just 2% of attacks, according to the Anti-Phishing Working Group.

The APWG’s first-half 2012 report (pdf) identified 64,204 phishing domains in total.

Of those, the group believes that only 7,712 (12%) were actually registered by the phishers themselves. The rest belonged to innocent third parties and had been compromised.

That’s a steep drop from 12,895 domains in the second half of 2011 and 14,650 in the first half of 2011.

Of the 7,712 phisher-owned domains, about 66% were being use to phish Chinese targets, according to the APWG.

The group’s research found only 1,350 that contained a brand name or a misspelling of a brand name.

That’s down from 2,232 domains in the second-half of 2011, representing just 2% of all phishing domains and 17% of phisher-owned domains.

The report states:

Most maliciously registered domain strings offered nothing to confuse a potential victim. Placing brand names or variations thereof in the domain name itself is not a favored tactic, since brand owners are proactively scanning Internet zone files for such names.

As we have observed in the past, the domain name itself usually does not matter to phishers, and a domain name of any meaning, or no meaning at all, in any TLD, will usually do.

Instead, phishers almost always place brand names in subdomains or subdirectories. This puts the misleading string somewhere in the URL, where potential victims may see it and be fooled. Internet users are rarely knowledgeable enough to be able to pick out the “base” or true domain name being used in a URL.

Taken as a percentage of attacks, brand-jacking is clearly a pretty low-occurrence offence, according to the APWG’s numbers.

In absolute numbers, it works out to about 7.5 domain names per day that are being use to phish and contain a variation of the brand name being targeted.

Unsurprisingly, the APWG found that Freedom Registry’s .tk — which offers free registration — is the TLD being abused most often to register domains for phishing attacks.

More than half of the phisher-owned domains were in .tk, according to the report.

Stop the nonsense about TLD-squatting

Kevin Murphy, January 19, 2012, Domain Policy

Barely a day has passed recently without a news report about how companies are being forced to apply for new top-level domains to prevent cybersquatters moving in on their brands.

It’s complete nonsense, of course, brought about by a lack of basic research coupled with years of bad feeling towards the domain name industry and an ICANN new gTLDs outreach campaign that spent six months failing to effectively tackle widely held misconceptions.

Cybersquatters are not going to apply for new gTLDs. If they do, they won’t be approved.

Unfortunately, this does not mean that we’re not going to see lots of “defensive” new gTLD applications.

Due to the way the program is structured, it may actually make strategic sense for some companies to apply for a dot-brand gTLD even if they are otherwise pretty clueless about domain names.

It worries me to think that a few years from now the TLD space – which is currently running at almost 100% utilization – will start to resemble the second level in pretty much every major TLD, with lots of essentially unused, redundant defensive domain names.

I don’t think this will be good for the domain name industry or ICANN.

That said, what looks good for ICANN and the domain name industry is of little concern to brand owners – they just want to make sure their brands are not damaged by the program.

I’ve written a 4,500-word paper analyzing the actual need for companies to file “defensive” gTLD applications, which is now available to DomainIncite PRO subscribers.

Companies that can’t apply for .brand gTLDs say they have decided not to apply for .brand gTLDs

Kevin Murphy, November 8, 2011, Domain Policy

Hewlett-Packard and Proctor & Gamble have ruled themselves out of applying to ICANN for .brand top-level domains, or so they claim.

Bloomberg yesterday reported a distinct lack of enthusiasm for new gTLDs from many large brands, leading with quotes from P&G and HP:

P&G, the world’s largest consumer products company with more than 50 brands including Tide detergent, Pampers diapers and Crest toothpaste, won’t apply for new suffixes, said Paul Fox, a spokesman. HP, the biggest computer maker, considers the program costly and has no plans to take part, said Gary Elliott, vice president of global marketing.

“A lot of companies are looking at the same math as we are and saying, ‘Let’s stop this proposal from happening,’” Elliott said in an interview. “There’s a tremendous amount of confusion about what this means and what the costs are.”

HP’s Elliot is chairman of the Association of National Advertisers, the most vocal opponent of the new gTLD program, as the Bloomberg report notes.

One fact the report doesn’t mention – and I’d bet Elliot didn’t volunteer – is that HP and P&G cannot apply for .hp or .pg due to ICANN’s strict three-character minimum for new gTLD strings.

HP had campaigned for ICANN to scrap the two-character prohibition for a number of years, though it usually also noted that in principle it was opposed to the program.

Nevertheless, it strikes me as disingenuous for the company to say it’s decided against a .brand on the basis of cost, when ICANN essentially made its decision for it years ago.

P&G, which mostly makes cosmetics and toiletries, has also ruled out applying for gTLDs to represent any of its 50 or so well-known brands, Bloomberg reported.

The internet will have to go without .tampax and .pampers for the foreseeable future.

General Motors, Wal-Mart, Adobe, Porsche, Vodafone and Puma are all generally negative on the program but are still evaluating their options, according to Bloomberg.

It’s quite possible that these outfits are just as opposed to the new gTLD program as HP and P&G.

But if they’ve been talking to consultants, they will also have been advised not to publicly talk about their applications. Nothing can be gained by going public before April 12.

  • Page 1 of 2
  • 1
  • 2
  • >